System and method for secure network purchasing

ABSTRACT

There is disclosed a method for performing secure electronic transactions on a computer network, the network comprising a buyer&#39;s computer, a vendor server, a creditor server and a security server. The buyer&#39;s computer has a fingerprint file stored in the memory thereof. The method includes the steps of:  
     i) the buyer computer requesting to purchase merchandise to the vendor server, the purchase request including said buyer computer&#39;s IP address;  
     ii) the buyer computer selecting a predetermined form of secured payment method;  
     iii) the payment method selection causing the vendor server to transmit to the security server a request for confirmation of the buyer computer&#39;s identity at the buyer computer&#39;s IP address;  
     iv) the confirmation request causing the security server to send a retrieval request to the IP address, the retrieval request including a retrieval program for detecting and retrieving the buyer&#39;s computer&#39;s fingerprint file, and the retrieval request further comprising a response request asking for confirmation of the purchase request; whereby a positive response from the buyer&#39;s computer to the security server accompanied by the fingerprint file causes the security server to confirm the buyer computer&#39;s identity to the vendor server and to approve the purchase.

TECHNOLOGICAL FIELD OF THE INVENTION

[0001] The present invention relates to systems and methods forimplementing secure purchases over a computer network. Moreparticularly, the methods relate to a system which permits purchases ofmerchandise to be made over a computer network, whereby the purchasermay feel confident that personal credit card information is not at riskof being diverted, misappropriated or stolen and the merchant may bemore confident that the purchaser is bona fide.

[0002] It is well known for buyers of merchandise to access the globalclient/server network commonly referred to as the Internet, a part ofwhich is the World Wide Web, for the purpose of searching for andpurchasing merchandise from on-line vendors selling wares ranging fromtravel services and investment services to buying CD recordings, books,software, computer hardware and the like.

[0003] Numerous patents have already been granted which teach methods orsystems purporting to secure commercial credit card transactions carriedout over the Internet. Examples of such patents include U.S. Pat. No.5,671,279 to Elgamal, U.S. Pat. No. 5,727,163 to Bezos, U.S. Pat. No.5,822,737 to Ogram, U.S. Pat. No. 5,899,980 to Wilf et al. and U.S. Pat.No. 5,715,314 and U.S. Pat. No. 5,909,492, both to Payne, et al., thedisclosures of which are incorporated by reference herein for providingbackground and as indicative of the state of the art prior to theinvention herein disclosed.

[0004] Most of the disclosed systems have the disadvantage that theyrely on the transmission of sensitive information over unsecured networkroutes and lines for each transaction. Although practically-speaking,the systems which use encryption are fairly safe, there is still somerisk of credit card misappropriation and there is little psychologicalcomfort given to potential users by their knowing that encryption isbeing used.

[0005] Generally speaking, the Internet is a network of computers,remote from one another, linked by a variety of communications linesincluding telephone lines, cable television lines, satellite link-upsand the like. Internet service providers (hereinafter “ISPs”) providethe link to the main backbone of the Internet for small end users. Theaccount for the end user is established in the normal manner usually byproviding credit card information to the ISP by conventional means, suchas by voice telephony, fax transmission or check. In most ISP-end userrelationships, the ISP has been given credit card or other creditaccount information, which information is on file with the ISP andavailable to the ISP's computers. In return for receiving payment, theISP provides a gateway to the Internet for the end-user's use. Theend-user (or subscriber) is provided with identification codes fordialling directly into the ISP's computers and software means (forexample, dialler software, browser software, electronic mail software,and the like) for doing so if necessary.

[0006] Most purchases are conducted in the following manner: a purchaserusing a browser application on his local client computer connects viahis computer's modem to a dial-up Internet Service Provider (hereinafter“ISP”) and makes connections therethrough to various Web sites, Internetserver locations assigned a URL (Uniform Resource Locator) address. Thepurchaser selects his merchandise and the vendor usually requestspayment by one of several methods, one of which usually includes paymentby providing credit card information.

[0007] According to surveys and other marketing data, there always hasbeen and there still exists a high percentage of the population which isdetered from purchasing merchandise directly over the Internet. Thislarge population apparently fears that, despite all the efforts atsecurity and cryptography promised by the vendors, there still existsthe possibility that their credit account information will beintercepted on-line by a third party computer hacker and used illegally,at great expense and trouble for the cardholder.

[0008] An additional anxiety-inducing factor related to merchandisingover the Internet, or e-commerce, is that the merchant cannot always becertain that just because he has obtained credit card infomation, thathe will actually be paid for the merchandise he ships. After all, creditcard fraud and/or theft occurs regularly and may not be caught in timeto stop the order from being shipped. When the cardholder discovers thetheft and stops the card, it may be too late for the vendor to recoverhis property. At the very least, this situation leads to unnecessaryaggravation and wasted resources for the merchant, credit card companyand cardholder.

SUMMARY AND OBJECTS OF THE INVENTION

[0009] Thus, it is an objective of the present invention to provide asystem and method for potential on-line buyers of merchandise marketedover the Internet to pay for those purchases with minimized exposure tothe risk of credit card theft by electronic interception.

[0010] It is a further objective of the invention to provide a mechanismfor facilitating e-commerce which will increase the confidence of theconsuming public in the safety of such transactions.

[0011] It is still a further objective of the invention to provide amechanism for facilitating e-commerce which will increase the confidencewith which vendors may ship the purchased product or deliver thepurchased service without fear of the payment being providedfraudulently.

[0012] It is yet a further object of the present invention to provide asite-specific and computer-specific identification confirmation systemfor use in a secure electronic purchasing system.

[0013] These objectives and others and others not specificallyenumerated herein are achieved by the invention disclosed herein whichcomprises a system and method for providing payment to an on-linemerchant for services or goods provided to an on-line buyer. In oneexemplary embodiment, the method takes advantage of the existingbusiness relationships between the member computers which form thestructure of the Internet.

[0014] Each time a subscriber signs in to the ISP's computers for anon-line session, the subscriber is assigned an Internet Protocol(hereinafter “IP”) address. The subscriber's computer transmits messageswhich are received by the ISP computer and relayed through the IPaddress and out onto the Internet to the ultimate intended recipientcomputer. During the entire time the on-line session in progress, the IPaddress does not change and is thus available as identifyinginformation. By monitoring and occasionally re-verifying that thesubscriber's computer is still on-line at the assigned IP address, theISP can confirm that certain activities could be attributed to thesubscriber.

[0015] One embodiment of the present invention takes advantage of theintimate relationship which is re-created every time an Internetsubscriber's computer goes online and signs into his ISP's computer byassigning to the ISP computer the function of clearinghouse and activeintermediary between the subscriber's computer and the vendor'scomputer. A subscriber computer signs in to the ISP computer system andis recognized and assigned an IP address. When the subscriber identifiesmerchandise or services at a vendor's website which he wishes topurchase, he sends programming to the website which selects the itemsand instructs the vendor's computer to generate a purchase authorizationrequest which is sent to the ISP computer. The purchase authorizationrequest contains information about the merchandise to be purchased,identifying information about the proposed purchaser, some of which isthe identifying information assigned by the ISP to the subscriber. TheISP confirms internally that the subscriber is still signed in to theISP computer system by verifying the identity of the computer currentlyactively communicating through the IP address. When satisfied that thesubscriber is still online, the ISP computer generates and sends amessage to the subscriber's computer requesting confirmation of theorder for the merchandise. Upon receipt from the subscriber's computerof the confirmation, the ISP generates and transmits to the vendor'scomputer a message confirming the order and providing a confirmationnumber, agreeing to pay the invoice which the vendor's computersubsequently generates and presents to the ISP computer. ISP computerthen uses the subscriber's credit card information and presents aninvoice against the credit card account to be sent through normalchannels.

[0016] In another exemplary embodiment of the present invention, the ISPdoes not serve as the credit giver or transaction verifier/guarantor.This function is provided by a bank or vendor with whom the subscriberalready has a credit account, and who has an online presence, i.e. has atransaction server connected to the Internet which can participate inthe transaction as it is carried out by the subscriber/consumer.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] For better understanding of the invention, the following drawingsare included for consideration in combination with the detailedspecification which follows:

[0018]FIG. 1 shows a buyer computer in communication with a vendorcomputer via the ISP computer, wherein buyer computer is initiating apurchase transaction;

[0019]FIG. 2 shows the vendor computer communicating with the ISPcomputer to request authorization to complete buyer's requestedtransaction;

[0020]FIG. 3 shows the ISP computer confirming that correct IP addressis active with buyer's computer and requesting confirmation of buyer'stransaction;

[0021]FIG. 4 shows buyers computer responding to ISP computer's requestfor confirmation;

[0022]FIG. 5 shows ISP computer's transmission of a confirmation codeand invoicing instructions to vendor's computer;

[0023]FIG. 6 shows a block diagram illustrating another exemplaryembodiment of the present invention; and

[0024]FIG. 7 shows a block diagram illustrating another exemplaryembodiment of the present invention.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

[0025] As was mentioned hereinabove, in one exemplary embodiment of theinvention, the credit account for the subscriber (also referred to as anend user or Buyer) is established in the normal manner usually byproviding credit card information to the ISP by conventional means, suchas by voice telephony, fax transmission or check. In most ISP-end userrelationships, the ISP has been given credit card information and thisinformation is on file with the ISP and avilable to the ISP's computers.In return for receiving payment, the ISP provides a gateway to theInternet for the end-user's use. The end-user (or subscriber) isprovided with software means and identification codes for diallingdirectly into the ISP's computers. The ISP's computers assign anInternet Protocol (hereinafter “IP”) address to the subscriber for useduiring the particular on-line session in progress. The subscriber'scomputer transmits messages which are received by the ISP computer andrelayed through the IP address and out onto the Internet to the ultimateintended recipient computer. During the entire time the on-line sessionIn progress, the IP address does not change and is thus available asidentifying information. By monitoring and occasionally re-verifyingthat the subscriber's computer is still on-line at the assigned IPaddress, the ISP can confirm that certain activities could be attributedto the subscriber.

[0026] This exemplary embodiment of the present invention takesadvantage of the intimate relationship which is re-created every time anInternet subscriber's computer goes online and signs into his ISP'scomputer by assigning to the ISP computer the function of clearinghouseand active intermediary between the subscriber's computer and thevendor's computer.

[0027] The method is described with reference to the drawings describedhereinabove as follows:

[0028] The ISP (also referred to hereinafter as a “ClearinghouseComputer”) is assigned a unique ISP-ID code.

[0029] As described hereinabove, the ISP's subscriber or customer(hereinafter “Buyer”) has gained the ability to access the Internetnetwork from his remote computer by opening an account with ISP.

[0030] The Buyer has provided credit card or other payment informationto the ISP when the account was opened, by conventional mail, fax, voicetelephony or any other acceptable method including known methods. Inexchange, Buyer receives from the ISP certain software andidentification codes which permit Buyer's computer to communicate withthe ISP's computers and to negotiate (request and obtain) an IP address.

[0031] At time of first sign-on, Buyer's Computer (hereinafter referredto as “BC”) transmits to BC a Buyer-ID code which is electronicallyrecorded or written into a file (e.g. a cookie file) on BC. The Buyer IDcode could be generated by any number of methods known in the art forgenerating identification codes.

[0032] When Buyer activates his BC to log onto ISP network (BC providesstandard log-in infomation to ISP), ISP also reads and logs in Buyer-IDcode and assigns IP address for current session to BC.

[0033] BC connects via ISP portal with Merchant Computer (MC) and Buyerselects desired merchandise and further selects to pay using Securityprogram manager payment method disclosed hereinbelow.

[0034] Buyer-ID and BC's IP address assigned for current session areprovided to MC programmed to request and receive said information

[0035] MC is programmed to use Buyer-ID and BC's current IP addressalong with information such as desired Item ID, cost and name forgenerating an electronic purchase inquiry which is transmitted throughthe network to ISP.

[0036] ISP is programmed such that upon receipt of purchase inquiry fromMC, ISP uses combination of IP address and Buyer-ID to determine withinISP's internal network whether Buyer is in fact still online at theaddress assigned at the beginning of the online session.

[0037] If ISP computer is unable to confirm that BC is still connectedto ISP system at the IP address expected, or that the BC IP addressgiven by MC is different from that assigned by ISP to BC, then anegative message is generated by ISP's computer and transmitted to MCthereby resulting in the early termination of the purchase transactionprocess by MC. ISP's computer may alternatively be programmed to conductother tests or inspect for other necessary conditions in an attempt toverify the source of the order placed with MC.

[0038] If BC is determined to be connected to ISP at correct address,ISP sends message containing details of purchase inquiry to BC askingBuyer to input confirmation of details of purchase desired to betransacted with MC.

[0039] Upon input of confirmation command by Buyer into BC, BC generatesand transmits a confirmation to ISP.

[0040] On receipt of Buyer's confirmation, ISP then generates andtransmits a Transaction Confirmation Number and instructs MC to proceedwith filling Buyer's order and also to generate and forward an invoiceto ISP.

[0041] The invoice to the ISP can be generated electronically andtransmitted directly to ISP's computer, instantaneously (during the samesession) or MC might wait until receiving programming indicating thatthe order has actually been filled.

[0042] Receipt of the invoice by ISP's computer then causes the ISPcomputer to generate and transmit, either electronically or throughconventional means, an instruction to Buyer's credit card company todebit Buyer's account for the amount of the purchase. Alternatively, ISPcould bill Buyer directly or any other reimbursement arrangement, e.g.through an insurance fund, is contemplated herein.

[0043] In another exemplary embodiment of the present invention, eitherthe ISP's server acts as the security coordinator or a black box(hereinafter “ISP Toolbox”) is located at the site of the ISP server.The following description will describe the embodiment where thesecurity coordinator functions are carried out by an ISP Toolbox.

[0044] Physical Placement of ISP Toolbox—

[0045] In this exemplary embodiment, the ISP Toolbox is located at thephysical site of the ISP, the ISP Toolbox is connected to the phone orcommunication lines coming into the ISP server directly from users onone side of ISP server. The ISP Toolbox is also connected to lines goingout to the Internet (via the modem basket) from the ISP server. The ISPToolbox does not interact directly with the ISP server. For the mostpart, it monitors incoming and outgoing traffic, waiting to take overthose communications should a security related transaction be called forby a home user.

[0046] The ISP Toolbox is essentially a mini-server, dedicated to thesecurity tasks assigned to it. The ISP Toolbox is provided withprogramming which, when activated, will send, receive and verify theproper forms and/or data to either a participating home user, ISP serveror vendor in order to carry out the proposed transaction. The followingscenario describes what can happen when a request for such a securityrelated transaction is detected by the ISP Toolbox.

[0047] As will be further described hereinbelow, in another exemplaryembodiment, the Toolbox is not located at the ISP but at the site ofanother credit provider.

[0048] 1. Application Process—This process only needs to occur once foreach acccount which a user might have:

[0049] a) In order to begin participation in the secure transactionsystem installed by his or her ISP, a User at home connects his home PCwith the server of the ISP with whom the home user has established anISP-user relationship. Upon establishing direct dial-up communicationswith the ISP server, the home user activates a file on ISP Website, forexample by clicking a button presented on his browser using his inputdevice, which alerts the ISP Toolbox to user's request for anapplication to enroll user's PC in system of the invention.

[0050] b) The ISP Toolbox supplies an apply.asp (“.asp” denotes anactive server page) file to the browser application, such as NetscapeCompany's Navigator® or Communicator® browser applications or MicrosoftCorp.'s Internet Explorer® applications. The user fills in the requestedinformation into the form and clicks on a submit button on his display.The apply.asp submits a new application record bearing the user's ISPuser name back to the ISP Toolbox which in turn notifies the ISP, forexample by way of an e-mail bearing a URL link to the application form,that a request for credit has been made. A credit decision on theapplication is then made either electronically at the level of the ISPbased on predefined or by a human credit manager. The ISP verifies theusername and e-mail address of the user and sets a credit limit. Theaccount is marked as “activated” by the setting of an approved creditlimit which initiates promotion by the ISP toolbox of the user recordfrom application status to active account status.

[0051] 2) Activation of the account initiates a process by which the ISPtoolbox generates a UID or unique identification for the user. The ISPtoolbox then generates and transmits an e-mail to the user whichcontains a link to a registration URL. When the user opens the e-mailand clicks on the registration URL, it downloads and activates aninstallation page and a system file from the ISP Toolbox, containing aLocator which comprises an <OBJECT> tag, the tag pointing to a GUID(Unique ID generator) and a codebase. The Locator is installed in theuser's browser cache and an instance thereof is blown inside the HTMLpage object module.

[0052] 3) The ISP Toolbox asks user to inspect his/her personal data, tochoose a personal password and click an icon or button to finishactivation of the new account. Clicking the button causes the onsubmithandler which came as part of the Locator, to start running a scriptwhich takes the user information, UID and further information about theuser's computer and sends these back to the ISP Toolbox.

[0053] a) Stupid agent—directs user to most recent client software.

[0054] b) Client software—encryption and decryption and retrieving datafrom wallet kept in registry, i.e.

[0055] 4) Generation of GUID by Black Box

[0056] 5) Describe purchasing session.

[0057] a) Online user goes to Website of merchant using any Web BrowserProgram and selects merchandise to purchase.

[0058] b) User is offered methods of payment and selects option buttonfor “SECURITY PROGRAM MANAGER” or “SAFE PAY OPTION”.

[0059] c) In an Autofetch process, an OnChange script handler in User'ssoftware prepares and sends request to Security program manager serverfor Session User Identity.

[0060] d) Security program manager server redirects request to user'sblack-box equipped ISP.

[0061] e) ISP black box searches its files and returns user's identity.

[0062] f) A user form is generated by user's computer and populated withuser information including identity returned in step (e) from ISP blackbox.

[0063] g) The form is submitted, together with a challenge which isforwarded to the vendor server.

[0064] h) Vendor server runs a script that calls the Security programmanager server's getGatePass.asp, thereby transmitting the Session UserIdentity, IP (user's current IP address), Sum and the challenge.

[0065] i) The Security program manager center redirects the vendorserver's call to the ISP identified by the IP while the user stands by.

[0066] j) The ISP's getGatePass.asp runs a check of the IP provided aspart of the vendor server's call against the internally known IP to makethe sure that is where the user really is logged in. If the IP testfails, the vendor server receives a rejection notification from the ISPserver and the transaction is terminated.

[0067] k) If the IP test succeeds (i.e. the user really is connected tothe correct IP address) then the ISP challenges the home listener.

[0068] The examples discussed herein and demonstrated by the Figures aremerely for illustrative purposes only. Variations and modifications ofthe disclosed invention in a manner well within the skill of the man ofaverage skill in the art are contemplated and are intended to beencompassed within the scope and spirit of the invention as defined bythe claims which follow.

[0069] For example, in another exemplary embodiment the ISP is not thesite where the Toolbox resides. With reference to FIG. 7, The Toolboxcould be physically located at the site of the credit provider(“Creditor”), e.g. online-enabled bank, credit card provider or otheraffinity-card or charge account provider (including brick-and-mortarretailer's with an online presence such as Macy's) and in communicationthrough normal channels with Creditor's transactional server. In thiscase, the ISP would not be an active part of the purchase transaction,other than in the usual known way by giving User access to the Internet.Generally, except as specified hereinbelow, the rest of the processproceeds substantially as decribed hereinabove. Specifically, in thisexemplary embodiment, the account is set up as follows:

[0070] 1) In order to subscribe to or begin participation in the securetransaction system in which his Creditor also participates, a User athome connects his home PC with the Internet via an ISP. Uponestablishing communications with the Creditor server, user activates agetapplication file on Creditor's Website, for example by clicking abutton presented by user's browser using his input device, Which alertsthe Creditor Toolbox to user's request for an application to enrolluser's PC in system of the invention. The system is specific to the userPC which is enrolled as will be further elaborated hereinbelow.

[0071] 2) The Creditor's Toolbox supplies an apply.asp (“.asp” denotesan active server page) file to the browser application. The user fillsthe requested information into the form; usually this will include auser name (either new or pre-existing), a requested credit line, and ane-mail address which is accessible from the PC, laptop or other clientcomputer from which user wishes to be able to make purchases. Theapply.asp also includes diagnostic programming which is activated whenuser clicks on the submit or sign up button on his display. At thatpoint, the apply.asp “reads” diagnoses whether the user's PC haslabelled certain components which can be used for generating afingerprint file for helping to verify user's PC's identity in futurefunctions. Certain basic information is “read” and is transparentlysubmitted by the apply.asp along with the user-provided information inthe form of a new application record bearing the user's IP address backto the Creditor's Toolbox.

[0072] 3) The application is processed by a credit-decision maker. Thismay be either done automatically by Creditor's server based onpre-definable parameters and access to user's credit particulars and theparticulars provided in the application, or by a human credit operatorwho manually opens the application record by accessing the ToolboxAdministration Center Website and selects the option to Accept/rejectnew applications. Either way, a credit decision on the application ismade and a credit limit is set or the application is rejected. Ifrejected, an e-mail is generated to inform user.

[0073] 4) If the application is accepted, the account is marked as“activated” by the setting of an approved credit limit which initiatespromotion by the Creditor Toolbox of the user record from applicationstatus to active account status. Activation of the account alsoinitiates a process by which the Creditor Toolbox generates afingerprint file including a unique identification (“UID”) for the userusing the identifying characteristics of user's PC which were diagnosedby the apply.asp and accompanied the application (e.g. CPU ID number,hard disk serial number, amountg of RAM, BIOS version and type, etc.).User is notified via an e-mail sent to the e-mail address specified inthe application. The e-mail includes a notification of what credit linehas been set and it also includes a hypertext link, e.g. “Please clickhere to activate your account”. When user clicks on the link which isalso a registration URL, it downloads and activates an installation pageand system files from the Creditor's Toolbox, including a Locator whichcomprises an <OBJECT> tag, the tag pointing to a GUID (Unique IDgenerator) and a codebase (encryption and decryption programs, ahandshake code generating program, and a challenge generating programare among the files downloaded for future use by the user PC; these mayalso be useful for retrieving encrypted data from the wallet kept inuser's PC registry). The Locator is installed in the user's PC and aninstance thereof is blown inside the HTML page object module. The abovestep occurs only after the link activates a file which reads theidentity numbers of the various components of user's PC to make surethat the user PC is the same one from which the application wasgenerated in Paragraph 2 hereinabove. If in fact it appears to be thesame user PC, then the rest of the download takes place.

[0074] 5) The Creditor Toolbox asks user to fill in her selectedpassword again and to fill in her personal data, and click an icon orbutton to finish activation of the new account. Clicking the buttoncauses the onsubmit handler which came as part of the Locator, to startrunning a script which takes the user information, UID and furtheridentifying information about the user's computer and sends these backto the Creditor's Toolbox for future reference.

[0075] 6) Another of the items which may have been downloaded intoUser's computer is a Stupid agent which directs User's computer to themost recent client software available, either from the Creditor Toolboxor from a Security Management Website. This stupid agent is activated atthe beginning of any purchase transaction, to ensure that User has themost recent agents to permit the transaction to work, and optionally toprovide Creditor Toolbox or the Security Management Website with anopportunity to verify that certain identifying factors of User's systemhave not changed, as a security spotcheck.

[0076] 7) A participating Merchant agrees to participate in the Safesystem of the invention and does so by incorporating source codeprovided by the Security Program Manager into his “Select PaymentMethod” Web page. This [i] creates an option for payment using the Safesystem of the invention, which when activated by a user, causes Merchantserver to take user's IP address and send a request to Creditor Toolboxasking for verification (a) that user having IP address provided isactually online and placing an order having a certain purchase value and(b) that user has a sufficient credit limit to place an order of thatvalue and (optionally) that Creditor has agreed honor a demand forpayment of said purchase. The full cycle of a transaction will bedescribed more completely and in greater detail hereinbelow.

[0077] With reference to FIG. 7, it can be seen that a typicalpurchasing session in this exemplary embodiment proceeds as follows:

[0078] a) User PC goes online and user points his browser to the Websiteof a Merchant server using any Web Browser Program; downloads filesdepicting merchandise for sale and selects merchandise to purchase whichgenerates a purchase request to Merchant's server, all in a manner wellknown in the art.

[0079] b) Merchant's server sends back to user PC an order page or pageswhich typically includes a transaction number, the value of the order,and asks for billing information, shipping information. At some point,user is offered to indicate her desired method of payment and selectsoption button which designates the Safe payment plan of the presentinvention, e.g. “SAFE OPTION”.

[0080] c) Selection of the “Safe Option” generates a message back toMerchant's server which includes user's IP address and instructsMerchant's server to forward a request to Creditor's Toolbox to confirmthat the user at the IP address provided is (a) actually and activelyonline and trying to make this purchase, and (b) that the user at the IPaddress has the necessary credit to make such a purchase.

[0081] d) Upon receipt of the request from Merchant's server, Toolboximmediately sends a transmission to the IP address provided byMerchant's server. The transmission includes files which (a) search for,decrypt and read the UID files in user's PC to see who it is, (if the PCis a machine registered in the system) and (b) which generate a Pop-upmessage on the registered user's browser to make sure that thetransaction is desired by the Safe system registered user. The messageadvises that a transaction having a particular value is being requestedand asks for confirmation or rejection of the transaction. To reject thetransaction, user can actively Reject by pressing a Reject button orsimply by not responding within a pre-determined default time. To acceptthe transaction, the user must provide his user password and submit theform back to the Toolbox. The form is accompanied transparently by thefingerprint file containing the UID and other machine identifyinginformation decrypted and extracted from user's PC by the transmissionfrom the Toolbox.

[0082] e) If accepted by user, then Toolbox checks database to make sureuser's credit limit is not exceeded and sends a coded confirmation toMerchant's server that the transaction is confirmed and will be paid forby Creditor on behalf of user. Merchant then sends HTML message toadvise user that the identified transaction has been successfullyprocessed.

[0083] f) As described hereinabove, if user either actively Rejects orfails to respond to the Pop-up message in a predetermined time period,for example, 2 minutes, the Pop-up message disappears and Toolboxadvises Merchant's server that the transaction is not accepted.Optionally, provision can be made where user can label a tenderedtransaction as “suspicious” and reject an order with prejudice, thusalerting both Toolbox and Security Program Manager, and thereforeMerchant, that some attempt was made to defraud Merchant. Obviously,this knowledge can provide great benefits in aiding to track down cybercredit frauds and inhibit criminal activity.

[0084] In another exemplary embodiment, the Creditor server is also anISP server, or at least they are at the same location and being servicedby the same modem basket. The Toolbox is still situated at that locationas well. Thus, a bank which offers ISP services to it's on-linecustomers can also offer them the safety of the Safe transaction systemand method, which is carried out by the Toolbox right on thebank's/ISP's premises.

I claim: 1) In a computer network, a system for performing a securedtransaction between a buyer's PC, a vendor server, a creditor server anda security server, wherein said buyer's PC has received fingerprintprogramming from said security server. 2) A system for performing asecured transaction according to claim 1, wherein said buyer's PC hasreceived encryption programming and decryption programming from saidsecurity server. 3) A method for performing secure electronictransactions on a computer network, said network comprising a buyer'scomputer, a vendor server, a creditor server and a security server, saidbuyer's computer having a fingerprint file stored in the memory thereof,including the steps of: i) said buyer computer requesting to purchasemerchandise to said vendor server, said purchase request including saidbuyer computer's IP address; ii) said buyer computer selecting apredetermined form of secured payment method; iii) said payment methodselection causing said vendor server to transmit to said security servera request for confirmation of said buyer computer's identity at saidbuyer computer's IP address; iv) said confirmation request causing saidsecurity server to send a retrieval request to said IP address, saidretrieval request including a retrieval program for detecting andretrieving said buyer's computer's fingerprint file, and said retrievalrequest further comprising a response request asking for confirmation ofsaid purchase request; whereby a positive response from said buyer'scomputer to said security server accompanied by said fingerprint filecauses said security server to confirm said buyer computer's identity tosaid vendor server and to approve said purchase. 4) A method ofperforming secure electronic transactions on a computer network, saidnetwork comprising a buying computer, an ISP computer and a vendorcomputer, including the steps of: said ISP computer assigning to buyingcomputer a Buyer-ID code and IP address; said buying computercommunicating via said ISP computer with said vendor computer andallowing an operator to select merchandise or services for purchase;said Buyer-ID and buyer computer's IP address are provided to vendorcomputer programmed to request and receive said information; vendorcomputer is programmed to use Buyer-ID and BC's current IP address alongwith information such as desired Item ID, cost and name for generatingan electronic purchase inquiry which is transmitted to ISP computer; ISPis programmed such that upon receipt of purchase inquiry from MC, ISPuses combination of IP address and Buyer-ID to determine within ISP'sinternal network whether Buyer is in fact still online at the addressassigned at the beginning of the online session; whereby if buyercomputer is determined to be connected to ISP computer at correctaddress, ISP computer then generates and transmits TransactionConfirmation Number and instructs MC to generate and forward invoice toISP computer. sending at least one verification response, based upon thecomparing of the first fingerprint file against the second fingerprintfile and upon the comparing of the first identification for the useragainst the second identification for the user.
 6. The method accordingto claim 5 wherein the verification computer is a clearinghousecomputer.
 7. The method according to claim 5 wherein the verificationcomputer is a vendor computer.
 8. A method according to claim 5, whereinsaid step of sending at least one request to a user computer includes:sending a first request to the user computer for the first fingerprintfile; and sending a second request to the user computer for the firstidentification for the user.
 9. A method according to claim 5, whereinsaid step of receiving at least one response from the user computerincludes: receiving a first response from the user computer includingthe fingerprint file; and receiving a second response from the usercomputer including the first identification for the user.
 10. A methodaccording to claim 9, wherein the second response from the user computeris received prior to first response from the user computer.
 11. A methodaccording to claim 5, wherein said steps of comparing the firstfingerprint file against a second fingerprint file, and comparing thefirst identification for the user against a second identification forthe user are not performed simultaneously.
 12. A method according toclaim 7, wherein said step of sending at least one response to thevendor computer, based upon the comparing of the first fingerprint fileagainst the second fingerprint file and upon the comparing of the firstidentification for the user against the second identification for theuser includes sending a confirmation only when both the firstfingerprint file and the first identification of the user match thesecond fingerprint file and the second identification for the userrespectively.
 13. A method according to claim 8, wherein said step ofreceiving at least one response from the user computer includes:receiving a first response from the user computer including the firstfingerprint file; and receiving a second response from the user computerincluding the first identification for the user.
 14. A method accordingto 13, wherein the second response from the user computer is receivedprior to first response from the user computer.
 15. A method accordingto claim 5, wherein the first identification for the user includes apassword.
 16. A method according to claim 5, wherein the firstfingerprint file includes information based upon an identificationnumber of a CPU of the user computer.
 17. A method according to claim 5,wherein the first fingerprint file includes information based upon a MACaddress associated with the user computer.
 18. A method according toclaim 5, wherein prior to the step of receiving the first request fromthe verification computer, storing the second fingerprint file in afirst data base accessible by verification computer, and storing thesecond identifications for the user in a second database accessible bythe verification computer.
 19. A method according to claim 7, whereinprior to the step of receiving the first request from the vendorcomputer, storing the second fingerprint file in a first data baseaccessible by a clearinghouse computer, and storing the secondidentifications for the user in a second database accessible by aclearinghouse computer.
 20. A method according to claim 17, wherein thefirst database and second database are the same.
 21. A method accordingto claim 7, wherein the step of receiving a request from a vendorcomputer includes receiving an internet address of the user computer.22. A method according to claim 21, wherein prior to the step of sendingthe at least one request to the user computer, identifying the usercomputer based upon the internet address received from the vendorcomputer.
 23. A clearinghouse computer comprising: a storage unit forstoring information received from a user computer; the informationincluding a second fingerprint file and a second identification for auser; a memory unit for receiving information indicative of firstfingerprint file and a first identification for the user; and aprocessor for communicating with the storage unit and the memory unitfor comparing information indicative of the second fingerprint file andthe second identification for the user with information indicative ofthe first fingerprint file and first identification for the user, andcausing a message to be generated based upon the comparing.
 24. Aclearinghouse computer according to claim 23, wherein the storage unitincludes: a first storage location for storing the second fingerprintfile, and a second storage location for storing the secondidentification for the user.
 25. A clearinghouse computer according toclaim 23, wherein the memory unit includes: a first memory location forstoring, at least temporarily, the first fingerprint file, and a secondmemory location for storing, at least temporarily, the firstidentification for the user.
 26. A clearinghouse computer according toclaim 23, further including: an output for receiving the message to begenerated based upon the comparison, and the output further capable ofcommunicating with a vendor computer.
 27. A clearinghouse computeraccording to claim 23, wherein the second identification for the userincludes a password.
 28. A clearinghouse computer according to claim 23,wherein the second fingerprint file includes information based upon anidentification number of a CPU of the user computer.
 29. A method forverifying a user and a user computer comprising: receiving at a firstserver at least one first message from the user computer, the at leastone first message including a first fingerprint file; comparing thefirst fingerprint file against a second fingerprint file to verify theuser computer, the second fingerprint file accessible by the firstserver; receiving at a second server at least one second message fromthe user computer, the at least one second message including a firstidentification for the user; and comparing the first identification forthe user against a second identification for the user to verify theuser, the second identification for the user accessible by the secondserver.
 30. A method according to claim 29 where at least one server isa mini-server
 31. The method according to claim 30 where the first andsecond servers are mini-servers.
 32. A method according to claim 31,wherein the first mini-server is associated with a first clearinghousecomputer and the second mini-server is associated with a secondclearinghouse computer.
 33. A method according to claim 31, wherein thefirst mini-server is associated with a first clearinghouse computer andthe second mini-server is associated also with the clearinghousecomputer.
 34. A method according to claim 29, wherein: after the step ofcomparing the first fingerprint file against the second fingerprint fileto verify the user computer, generating a first-mini-server message atthe first mini-server based upon the results of said comparison; andafter the step of comparing the first identification for the useragainst the second identification for the user to verify the user,generating a second-mini-server message at the second mini-server basedupon the results of said comparison.
 35. A method according to claim 34,further including: sending the first-mini-server message to a vendorcomputer; and sending the second-mini-server message to the vendorcomputer.
 36. A method according to claim 35, further including:authorizing an action by the vendor computer only if both thefirst-mini-server message contains information indicating the usercomputer was verified and the second-mini-server message containsinformation indicating the user was verified.
 37. A vendor computercomprising: a first input for communicating with a first mini-server forreceiving a first-mini-server message containing information indicatingif a user computer was verified; a second input for communicating with asecond mini-server for receiving a second-mini-server message containinginformation indicating if a user was verified; a processor for receivingthe first-mini-server message from the first output and the secondmini-server message from the second output and authorizing an actiononly if both the first-mini-server message contains informationindicating the user computer was verified and the second-mini-servermessage contains information indicating the user was verified.
 38. Avendor computer according to claim 37, wherein the first input and thesecond input are the same.